import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
 * Fixture for the "key parameters must be session-cached" rule.
 *
 * <p>Every {@code // Noncompliant {{...}}} marker below is a verification annotation consumed by
 * the rule's test harness: it pins the line on which the rule must report and the exact message
 * text. The markers are therefore kept verbatim (including the original-language message). The
 * message says, roughly: "hidden form fields, cookies, URL parameters and other key parameters
 * must not be read directly; cache them in the server-side session and read them from there."
 * The security intent behind it is that identity- and authorization-relevant values are taken
 * from server-side state rather than from client-controlled request input.
 *
 * <p>The class is intentionally noncompliant. Do not "fix" the flagged calls; doing so would
 * remove the very pattern the rule test exercises.
 */
public class SessionCacheParamsChecker {

    // Present in the fixture even though the class does not implement Serializable, so the JVM
    // never consults it; kept so the fixture's shape is unchanged.
    private static final long serialVersionUID = 1391640560504378168L;

    /**
     * Servlet-style handler that reads key parameters straight from the request.
     *
     * @param request  incoming request; every read from it below is a rule hit
     * @param response not used by the fixture
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response) {
        // Key parameters read directly from the request (each line is a rule hit).
        String rawUserId = request.getParameter("userId"); // Noncompliant {{页面隐藏域字段、Cookie、URL等关键参数不能直接获取,应缓存到服务器端的会话中并通过会话获取}}
        // The next three reads discard their result; they exist only to trigger the rule.
        request.getParameter("userpassword");// Noncompliant {{页面隐藏域字段、Cookie、URL等关键参数不能直接获取,应缓存到服务器端的会话中并通过会话获取}}
        request.getParameter("token");// Noncompliant {{页面隐藏域字段、Cookie、URL等关键参数不能直接获取,应缓存到服务器端的会话中并通过会话获取}}
        request.getParameter("url");// Noncompliant {{页面隐藏域字段、Cookie、URL等关键参数不能直接获取,应缓存到服务器端的会话中并通过会话获取}}

        // Cookies read directly from the request (also a rule hit).
        Cookie[] requestCookies = request.getCookies();// Noncompliant {{页面隐藏域字段、Cookie、URL等关键参数不能直接获取,应缓存到服务器端的会话中并通过会话获取}}

        // Storing the value into the server-side session after the fact does not make the
        // earlier direct read compliant; the session write itself is not flagged.
        request.getSession().setAttribute("sessionParam", rawUserId);

        // Remaining handler logic is omitted in the fixture.
    }

    /**
     * Spring MVC variant of the same pattern. Declared as a non-static inner class, exactly as
     * the fixture defines it.
     */
    @RestController
    class TestController {

        /**
         * Reads the user id directly from the request inside a Spring handler (rule hit).
         *
         * @param request incoming request
         */
        @GetMapping("/get")
        public void get(HttpServletRequest request) {
            String requestedUserId = request.getParameter("userId");// Noncompliant {{页面隐藏域字段、Cookie、URL等关键参数不能直接获取,应缓存到服务器端的会话中并通过会话获取}}
        }
    }
}